Skip to content
This repository has been archived by the owner on Sep 7, 2018. It is now read-only.

Use nobody user in etc #124

Closed
mrsiano opened this issue Feb 4, 2018 · 8 comments
Closed

Use nobody user in etc #124

mrsiano opened this issue Feb 4, 2018 · 8 comments

Comments

@mrsiano
Copy link

mrsiano commented Feb 4, 2018
edited
Loading

Sum up the issue:
when inject ini files to etc/grafana, grafana will fail to start due to bad permissions.

alternatives:

  • follow the /etc/grafana permissions, specially the group id, for any new file that injects there.
  • ignore the permissions by using nobody user.

Initial message:
I'm trying to inject a custome configuration to my grafana using the following method:
docker run --name gtest -d -v defaults.ini:/var/lib/grafana/conf/defaults.ini -p 3000:3000 grafana/grafana:master
I also tried to place it under /usr/share/grafana/conf/
but it dose not work. any ideas ?

I would like to do the same actually for datasource file.

dose it supported ?

@bergquist
@mrsiano
Copy link
Author

mrsiano commented Feb 5, 2018
edited
Loading

/cc @torkelo @jeremyeder

@mrsiano mrsiano mentioned this issue Feb 7, 2018
Merged
13 tasks
@bergquist
Copy link
Contributor

the docker container currently installs grafana as a debian packages.
So grafana.ini goes into /etc/grafana/grafana.ini
datasource configurations goes into /etc/grafana/provisioning/datasources
dashboard configurations goes into /etc/grafana/provisioning/dashboards

@mrsiano
Copy link
Author

mrsiano commented Feb 8, 2018

docker run --name gf -dt -v $(pwd)/grafana.ini:/etc/grafana/grafana.ini grafana/grafana:master -p 3001:3001

see:
docker logs gf
CRIT[02-08|13:41:17] Failed to parse /etc/grafana/grafana.ini, open /etc/grafana/grafana.ini: permission denied%!(EXTRA []interface {}=[])

Also i tried to change the file group permissions, but it didn't work

@mrsiano
Copy link
Author

mrsiano commented Feb 8, 2018
edited
Loading

found it, my grafana.ini file wasn't match the group id in the container.

initially I use grafana.ini with the following permissions:
chgrp grafana grafana123.ini

but than I noticed it has diffrent id
-rw-r-----. 1 root grafana 13615 Feb 8 10:26 grafana.ini
-rw-r-x---. 1 root 1002 13614 Feb 8 11:55 grafana123.ini

so I grab the right id from the container which is 107.
2fcf358:/etc/grafana# id -G grafana

@bergquist
Copy link
Contributor

We should fix this by using the nobody user.

@mrsiano mrsiano changed the title grafana configuraion injection Use nobody user in etc Feb 8, 2018
@mrsiano mrsiano mentioned this issue Feb 12, 2018
Closed
@bergquist
Copy link
Contributor

Our goal was to introduce to fix this before we released 5.0 but right now the beta period is to short for that. This has to wait until 5.1

@xlson xlson mentioned this issue Mar 13, 2018
Closed
9 tasks
@xlson xlson mentioned this issue Mar 23, 2018
Merged
@xlson
Copy link
Contributor

xlson commented Mar 28, 2018

We no longer chown /etc/grafana and will be removing chown completely when we release Grafana 5.1. Also 5.0.4 no longer fails to boot when chown fails so for configurations it should be fine to have other owners as long as you configure reads for others (chmod a+x ...)

@xlson xlson closed this as completed Mar 28, 2018
@mrsiano
Copy link
Author

mrsiano commented Mar 28, 2018

thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xlson @bergquist @mrsiano